Here's the code for validate.php:
// Load the application configuration before any header is sent.
// NOTE(review): the contents of appConfig.php are not visible here; the first
// query further down passes no link to mysql_query(), so a database
// connection is presumably opened there. Confirm.
include 'appConfig.php';

// Anti-caching headers for the login response, so that neither the browser nor
// an intermediate proxy keeps a copy of it. The order matters: the first two
// calls blank the values, the later ones set the real directives.
header('Pragma: ');
header('Cache-Control: ');
// An Expires date in the past marks the response as already stale.
header('Expires: Mon, 26 Jul 2004 05:00:00 GMT');
header(sprintf('Last-Modified: %s GMT', gmdate('D, d M Y H:i:s')));
header('Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate');
// Second argument false: append this Cache-Control line instead of replacing
// the one sent just above.
header('Cache-Control: post-check=0, pre-check=0', false);
// Page routing. $login_page is shown again after any failed attempt; the
// $sucess_* pages are the redirect targets chosen from the user's accessLevel
// once the login succeeds.
$login_page                = 'index.php';
$sucess_admin_page         = 'admin.php';        // accessLevel 20
$sucess_department_page    = 'department.php';   // accessLevel 15
$sucess_workgroup_page     = 'workgroup.php';    // accessLevel 10
$sucess_subWorkgroup_page  = 'subworkgroup.php'; // accessLevel 5
$sucess_suspended_page     = '4.php';            // accessLevel 1 (suspended account)

// Request path of this script, compared with $REQUEST_URI at the end of the
// file to detect direct access.
$validate_path = '/temp/users/validate.php';

// Messages printed above the login page when an attempt is rejected.

// Deliberately does not say whether the user name or the password was wrong.
$login_err = '
Your User Name Or Password was incorrect
';

// Nothing was submitted and no login cookie accompanied the request.
$empty_err = '
You need to login with your User Name and Password
';

// The submitted values contained something other than letters and digits.
$chr_err = '
You have to enter valid characters.
';
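// Input gate for the login form.
// NOTE(review): $username, $password and $this_cookie are never assigned in
// this file; they presumably arrive from the request (register_globals or an
// import done in appConfig.php). Confirm where they come from.

// Nothing submitted and no login cookie: show the login page with a hint.
if ($username == "" && $password == "" && !isset($this_cookie)) {
    print($empty_err);
    include($login_page);
    exit();
}

// Allow-list check: only letters and digits may reach the SQL statement that
// is built from these two values further down.
// The original condition was `A || B && C`, which PHP reads as `A || (B && C)`,
// so whether the password was checked depended on the client-supplied cookie.
// The check now runs whenever either field is non-empty, whatever the cookie
// state. Array-valued parameters are rejected before the concatenation, which
// would otherwise turn them into the literal string "Array".
if ($username != "" || $password != "") {
    $is_plain_text = !is_array($username) && !is_array($password);
    if (!$is_plain_text || preg_match("/[^a-zA-Z0-9]/", $username . $password)) {
        print($chr_err);
        include($login_page);
        exit();
    }
}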
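// Credential check, session setup, audit log entry and redirect.
// Runs only when the request carries no "this_cookie" value.
// NOTE(review): only the presence of this_cookie is tested in this file; its
// value is never verified. Pages behind the login should decide access from
// the server-side session written below, not from the cookie. Confirm
// against those pages.
// NOTE(review): ext/mysql (the mysql_* functions) was removed in PHP 7; the
// longer-term fix is a port to mysqli or PDO with prepared statements.
if (!isset($this_cookie)) {
    // NOTE(review): $uname is not defined in this file and $user_count is not
    // read again here; kept in case an included page relies on it.
    $user_count = count($uname);
    $user_exists = false;

    // The alphanumeric allow-list earlier in this script is the first line of
    // defence; escaping here keeps the statement safe even if that check is
    // changed or bypassed later.
    // NOTE(review): the password is compared as stored, so the members table
    // holds plaintext passwords. Moving to password_hash()/password_verify()
    // needs a data migration and is not attempted in this block.
    $safe_username = mysql_real_escape_string($username);
    $safe_password = mysql_real_escape_string($password);
    $get_list = "SELECT username, password, accessLevel, Dept_Code, EMP_NUM FROM members WHERE username= '$safe_username' AND password ='$safe_password'";
    $get_list_res = mysql_query($get_list);
    if ($get_list_res === false) {
        // Keep the driver's error text in the server log; sending it to the
        // browser would disclose schema and query details.
        error_log('validate.php: member lookup failed: ' . mysql_error());
        die('Login is temporarily unavailable.');
    }

    if (mysql_num_rows($get_list_res) > 0) {
        // From here on the values come from the matching members row.
        $recs = mysql_fetch_array($get_list_res);
        $username = $recs['username'];
        $password = $recs['password'];
        $level = $recs['accessLevel'];
        $dept_codex = $recs['Dept_Code'];
        $emp_num2 = $recs['EMP_NUM'];
        $user_exists = true;
    }

    if (!$user_exists) {
        print($login_err);
        include($login_page);
        exit();
    }

    // NOTE(review): $uname and $user_id are not defined in this file, so this
    // value is not derived from the authenticated user. Treat the cookie as a
    // marker only, never as proof of identity.
    $cookie_val = crypt($uname[$user_id]);

    session_start();
    // Issue a fresh session id at login so that an id fixed before
    // authentication cannot be reused afterwards (session fixation).
    session_regenerate_id(true);

    // Quoted keys: the bare words used before were undefined constants.
    $_SESSION['username'] = $username;
    $_SESSION['dept_codex'] = $dept_codex;
    $_SESSION['level'] = $level;
    // NOTE(review): this keeps the plaintext password in session storage. It is
    // retained because other pages may read it; remove once confirmed unused.
    $_SESSION['password'] = $password;
    $_SESSION['emp_num2'] = $emp_num2;

    // Expiry 0: the cookie lasts until the browser is closed. Path and domain
    // stay at their defaults. The last argument sets HttpOnly so page script
    // cannot read the cookie.
    // NOTE(review): set the sixth argument (secure) to true if the site is
    // served over HTTPS only.
    setcookie("this_cookie", $cookie_val, 0, "", "", false, true);

    // Audit trail: record the login in the log table.
    // NOTE(review): the database credentials are hard-coded here and visible in
    // this listing. Rotate them and load them from configuration kept outside
    // the web root.
    $hostname = 'localhost';
    $dbname = "trainingreport1";
    $dbusername = 'likitung';
    $dbpassword = '3l3ctr0d3';
    $log = "User Login ";
    $log_written = false;

    $id_link = mysql_connect($hostname, $dbusername, $dbpassword);
    if ($id_link !== false && mysql_select_db($dbname, $id_link)) {
        // These values were read back from the members table; escape them
        // anyway so stored data cannot alter the INSERT. dept_code is now
        // quoted as well, which MySQL accepts for numeric columns.
        $log_user = mysql_real_escape_string($username, $id_link);
        $log_dept = mysql_real_escape_string($dept_codex, $id_link);
        $Query = "INSERT INTO systeLog(date, user, action, time, dept_code)VALUES(now(), '$log_user', '$log', curtime(),'$log_dept')";
        $log_written = (mysql_query($Query, $id_link) !== false);
    }
    if (!$log_written) {
        // As before, a failed log write stops the login; only the detail shown
        // to the client changes.
        error_log('validate.php: login audit insert failed: ' . mysql_error());
        die('Login is temporarily unavailable.');
    }

    // Pick the landing page from the access level. The comparisons stay loose
    // because the level comes back from MySQL as a string.
    $target_page = null;
    if ($level == 1) {
        $target_page = $sucess_suspended_page;
    } elseif ($level == 5) {
        $target_page = $sucess_subWorkgroup_page;
    } elseif ($level == 10) {
        $target_page = $sucess_workgroup_page;
    } elseif ($level == 15) {
        $target_page = $sucess_department_page;
    } elseif ($level == 20) {
        $target_page = $sucess_admin_page;
    }

    if ($target_page !== null) {
        header("Location: $target_page");
        // Stop here so nothing below is executed or sent along with the
        // redirect response.
        exit();
    }
    // Any other access level falls through without a redirect, as before.
}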
// Direct request for validate.php that no earlier branch has ended: print the
// "already logged in" notice.
// NOTE(review): $REQUEST_URI is never assigned in this file; presumably it is
// the request path supplied by the server environment. Confirm.
// NOTE(review): this branch is reached whenever a this_cookie value
// accompanies the request, and the cookie's value is not checked here, so the
// notice by itself does not establish that a valid session exists.
if ($validate_path == $REQUEST_URI) {
    echo "\n\n",
        "
Yor are logged in\n",
        "\n",
        "\n",
        "You are logged in.
Continue\n",
        "\n",
        "\n";
}
?>